Skip to content
/ selinux-psp-policy Public

Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux

kubewarden.io

License

Apache-2.0 license
1 star 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kubewarden/selinux-psp-policy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

158 Commits

.github/workflows

.github/workflows

 
 

src

src

 
 

test_data

test_data

 
 

.gitignore

.gitignore

 
 

CODEOWNERS

CODEOWNERS

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

Cargo.lock

Cargo.lock

 
 

Cargo.toml

Cargo.toml

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

artifacthub-pkg.yml

artifacthub-pkg.yml

 
 

artifacthub-repo.yml

artifacthub-repo.yml

 
 

hub.yml

hub.yml

 
 

metadata.yml

metadata.yml

 
 

questions-ui.yml

questions-ui.yml

 
 

renovate.json

renovate.json

 
 

Repository files navigation

Kubewarden Policy Repository Stable

Kubewarden policy psp-selinux

Description

Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux in the pod security context and on containers, init containers and ephemeral containers. This policy will inspect the .spec.securityContext.seLinuxOptions of the pod if the container has no specific .spec.securityContext.seLinuxOptions. In other words, the seLinuxOptions of the container, init container and ephemeral containers take precendence over the pod seLinuxOptions, if any.

Settings

This policy works by defining what seLinuxOptions can be set at the pod level and at the container level.

One of the following setting keys are accepted for this policy:

  • MustRunAs: contains the desired value for the seLinuxOptions parameter. If the pod does not contain a .securityContext, or a .securityContext.seLinuxOptions, then this policy acts as mutating and defaults the seLinuxOptions attribute to the one provided in the configuration. In all cases, pod containers, init container and ephemeral containers .seLinuxOptions are checked for compatibility if they override the Pod Security Context seLinuxOptions value.
  • RunAsAny: always accepts the request.

Configuration examples:

rule: RunAsAny
rule: MustRunAs
user: user
role: role
type: type
level: s0:c0,c6

About

Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux

kubewarden.io

Topics

kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

6 watching

Forks

3 forks
Report repository

Releases 14

Release v0.1.12 Latest
Jul 11, 2023
+ 13 releases

Packages 2

 
 

Contributors 9

Languages